Fortgale Blog » Attention

December 18, 2023 ·Featured

Espionage activities targeting European businesses

In the evolving landscape of cybersecurity threats, Fortgale is tracking PhishSurf Nebula, an advanced Cyber Espionage group active since 2021 and primarily targeting entities within the Banking & Finance and Real Estate sectors across Europe and North America. In particular, most of the involved companies are Private Equity Firms, Hedge Funds, Venture Capitals and Luxury … Read more

Read the analysis

December 6, 2023 ·Featured

Nebula Broker: offensive operations made in Italy

Fortgale has been tracking an Italian Threat Actor, internally dubbed as Nebula Broker, since March 2022. The actor uses self-made malware (BrokerLoader) to compromise Italian systems. Further analysis revealed that the attacker has been operating since the end of 2020. Although this threat is not well-known, the number of compromises is particularly extensive. Indeed, Fortgale … Read more

Read the analysis

September 22, 2023 ·Defence

The Rising Threat of QR Code-Enabled Phishing Emails: Quishing

In the ever-evolving landscape of cyber threats, threat actors are constantly seeking new and innovative ways to deceive and compromise unsuspecting targets. One of the latest techniques that Fortgale observed gaining prominence over the last few months is the utilization of QR codes in phishing email campaigns (Spearphishing Technique – T1566). In this article, we … Read more

Read the analysis

September 19, 2023 ·Featured

What happens during a Ransomware Attack?

The Incident Response activities carried out by our Team in the last period confirm the growing trend in the number of cyber attacks against Italian companies. What should make us reflect (beyond the numbers and the damage caused) is the technical evolution and increase in complexity of the latter. In fact, we notice greater interaction … Read more

Read the analysis

July 5, 2023 ·Featured

PlugX Evolution: Rising detections in Europe and Italy

Recentemente il nostro team di analisti ha identificato l’utilizzo del Trojan PlugX all’interno di sistemi aziendali italiani. Il Trojan è riuscito ad infiltrarsi nei sistemi target tramite l’utilizzo di un dispositivo USB infetto.

Read the analysis

May 19, 2021 ·Featured

REvil Ransomware Operator: A time zone analysis

In April 2021, an unidentified Gold Southfield operator carried out a Ransomware attack against a European company. The initial access is performed by Gold Cabin, an access broker, that deploys IceID (Bokbot), a Remote Access Tool (RAT) malware[link]. Once inside the company, the access broker passes privileges to the main operator who deploys the REvil ransomware. This threat actor … Read more

Read the analysis

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Espionage activities targeting European businesses

Nebula Broker: offensive operations made in Italy

The Rising Threat of QR Code-Enabled Phishing Emails: Quishing

What happens during a Ransomware Attack?

PlugX Evolution: Rising detections in Europe and Italy

REvil Ransomware Operator: A time zone analysis

Cookie & Privacy